Pests of all kinds and how to fight them: svchost process (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you get rid of the infection.
11.01.2015, 19:22 | #1
svchost process

Hello, I have a problem, and it is about svchost, which shows up as a process. svchost takes up quite a lot of RAM, and as far as I can see and notice it keeps getting more. Since I have no idea about svchost and don't really want to close it in case something happens to my computer, I'm asking you whether anyone can help me with this. Even all the other processes I have no idea about are running non-stop.
11.01.2015, 19:49 | #2
/// the machine /// TB-Ausbilder | svchost process

hi,

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or look it up under Start > Computer (right-click) > Properties)
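The two questions in this thread so far are "which svchost is eating the memory?" and "is this Windows 32-bit or 64-bit?" (for the FRST download). The following PowerShell snippet is an added example, not part of the thread and not the helper's or Farbar's code; it answers both without closing anything. It assumes Windows 7 with PowerShell 2.0 or later and uses only the built-in WMI classes Win32_OperatingSystem, Win32_Process and Win32_Service; the function names are my own.

```powershell
# Added example (not from the thread): report OS bitness for the FRST choice and
# map every svchost.exe instance to the services it hosts, with its memory use.
# Assumes Windows 7, PowerShell 2.0+; all classes used are standard WMI.

function Get-OsArchitecture {
    # Win32_OperatingSystem.OSArchitecture reads "32-bit" or "64-bit" on Windows 7,
    # which decides between FRST 32-bit and FRST 64-bit.
    (Get-WmiObject -Class Win32_OperatingSystem).OSArchitecture
}

function Get-SvchostServiceMap {
    # svchost.exe is only a host: several services share one instance, so the
    # memory of that process belongs to the whole group listed under "Services".
    $services = Get-WmiObject -Class Win32_Service -Filter "State='Running'"
    $hosts    = Get-WmiObject -Class Win32_Process -Filter "Name='svchost.exe'"

    foreach ($proc in $hosts) {
        $hosted = $services | Where-Object { $_.ProcessId -eq $proc.ProcessId }
        New-Object PSObject -Property @{
            PID          = $proc.ProcessId
            WorkingSetMB = [math]::Round($proc.WorkingSetSize / 1MB, 1)
            # ExecutablePath is empty for some system processes unless PowerShell
            # runs elevated; a real svchost.exe always sits in C:\Windows\System32.
            Path         = $proc.ExecutablePath
            Services     = ($hosted | ForEach-Object { $_.Name }) -join ', '
        }
    }
}

Write-Host ("Windows architecture: " + (Get-OsArchitecture))

# Heaviest service group first. An instance with no services at all, or a Path
# outside C:\Windows\System32, is the one to look at more closely.
Get-SvchostServiceMap |
    Sort-Object WorkingSetMB -Descending |
    Format-Table PID, WorkingSetMB, Services, Path -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the Path column is filled for every instance. The service mapping is the same information `tasklist /svc` prints, with the working set added so the memory question can be answered per service group rather than by killing the process.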
11.01.2015, 19:56 | #3
svchost process

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by Anonymous (administrator) on AZATHOTH-HIGH-T on 11-01-2015 19:50:39
Running from C:\Users\Anonymous\Downloads
Loaded Profiles: Anonymous & Administrator (Available profiles: Anonymous & Administrator & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Solid State Networks) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\TERA\TERA-Launcher.exe
() C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\TERA\Client\TL.exe
(Bluehole Studio) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\TERA\Client\Binaries\TERA.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Neuber Software) C:\Users\Anonymous\Downloads\SvchostAnalyzer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Neuber Software) C:\Program Files (x86)\Security Task Manager\TaskMan.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-08-19] (Realtek Semiconductor)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3081752 2014-12-09] ()
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [60640 2014-09-11] (Razer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1156299357-3113204970-1195548155-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-09-16] (TrueCrypt Foundation)
HKU\S-1-5-21-1156299357-3113204970-1195548155-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1156299357-3113204970-1195548155-1000\...\MountPoints2: {5732e27f-d743-11e3-a3b9-8c89a581400c} - G:\LGAutoRun.exe
HKU\S-1-5-21-1156299357-3113204970-1195548155-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Anonymous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1156299357-3113204970-1195548155-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1156299357-3113204970-1195548155-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1156299357-3113204970-1195548155-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1156299357-3113204970-1195548155-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1156299357-3113204970-1195548155-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> {0576C10C-BFCE-4129-90AE-5DAE304037F6} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1156299357-3113204970-1195548155-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1156299357-3113204970-1195548155-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA4FAE0EE-2CD0-450B-BEB7-62E3CF96184F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1156299357-3113204970-1195548155-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-1156299357-3113204970-1195548155-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331172&octid=EB_ORIGINAL_CTID&ISID=M8AC68DD5-CEF7-4E99-A615-A32289F6FC03&SearchSource=58&CUI=&UM=6&UP=SP588BDC3C-66F1-44E4-950E-A4394097F5C4&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1156299357-3113204970-1195548155-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={210377AA-19BA-4D88-9E52-F498B338D40F}&mid=4d12f094886947d2b3f05dc0e365a9ff-8350f43fb714d4bb12234ad18030f5e12ee02044&lang=de&ds=AVG&coid=avgtbavg&cmpid=1214avt&pr=fr&d=2014-12-09 21:27:34&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1156299357-3113204970-1195548155-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1156299357-3113204970-1195548155-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKU\S-1-5-21-1156299357-3113204970-1195548155-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\xl2na9ux.default
FF SelectedSearchEngine: v9
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll (Skype)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1156299357-3113204970-1195548155-1000: @adobe.com/Acrobat,version=5.1 -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Amazon-Icon - C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\xl2na9ux.default\Extensions\amazon-icon@giga.de [2014-07-20]
FF Extension: Download videos and MP3s from YouTube - C:\Users\Anonymous\AppData\Roaming\Mozilla\Firefox\Profiles\xl2na9ux.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2014-10-11]
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2014-10-11]
FF HKU\S-1-5-21-1156299357-3113204970-1195548155-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-28]

Chrome:
=======
CHR StartupUrls: Default -> "https:\/\/de.yahoo.com\/?fr=hp-avast&type=avastbcl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-07]
CHR Extension: (Google Docs) - C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-07]
CHR Extension: (Google Drive) - C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (YouTube) - C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-07]
CHR Extension: (Adblock Plus) - C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-07]
CHR Extension: (Google Search) - C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-07]
CHR Extension: (Google Sheets) - C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-07]
CHR Extension: (Speed Check) - C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo [2014-09-07]
CHR Extension: (Google Wallet) - C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-07]
CHR Extension: (Layout Grid) - C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec [2014-09-07]
CHR Extension: (Quick start) - C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-09-07]
CHR Extension: (Gmail) - C:\Users\Anonymous\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-08-30] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-09-18] (Perfect World Entertainment Inc)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-09-09] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4600264 2013-11-05] (INCA Internet Co., Ltd.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-09-11] (Razer Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-09-22] (Microsoft Corporation) [File not signed]
S2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2014-12-09] (AVG Secure Search)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-07-31] (The OpenVPN Project)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-09] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-28] (Disc Soft Ltd)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
S3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2014-09-25] (TENCENT)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 GPU-Z; \??\C:\Users\ANONYM~1\AppData\Local\Temp\GPU-Z.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 19:47 - 2015-01-11 19:47 - 12855384 _____ (Nullsoft, Inc.) C:\Users\Anonymous\Downloads\winamp5666_full_de-de_b3516 (1).exe
2015-01-11 19:39 - 2015-01-11 19:53 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-01-11 19:39 - 2015-01-11 19:39 - 02935152 _____ () C:\Users\Anonymous\Downloads\SecurityTaskManager_Setup.exe
2015-01-11 19:39 - 2015-01-11 19:39 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-01-11 19:39 - 2015-01-11 19:39 - 00001164 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-01-11 19:39 - 2015-01-11 19:39 - 00001152 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk
2015-01-11 19:39 - 2015-01-11 19:39 - 00000000 ____D () C:\Users\Anonymous\AppData\Local\SecTaskMan
2015-01-11 19:39 - 2015-01-11 19:39 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-01-11 19:37 - 2015-01-11 19:37 - 00540072 _____ (Neuber Software) C:\Users\Anonymous\Downloads\SvchostAnalyzer.exe
2015-01-11 19:18 - 2015-01-11 19:20 - 00044989 _____ () C:\Users\Anonymous\Downloads\Addition.txt
2015-01-11 19:12 - 2015-01-11 19:53 - 00027117 _____ () C:\Users\Anonymous\Downloads\FRST.txt
2015-01-11 19:11 - 2015-01-11 19:50 - 00000000 ____D () C:\FRST
2015-01-11 19:11 - 2015-01-11 19:11 - 02124288 _____ (Farbar) C:\Users\Anonymous\Downloads\FRST64.exe
2015-01-11 18:40 - 2015-01-11 18:40 - 00001036 _____ () C:\Users\Guest\Desktop\ClearProg.lnk
2015-01-11 18:40 - 2015-01-11 18:40 - 00001036 _____ () C:\Users\Anonymous\Desktop\ClearProg.lnk
2015-01-11 18:40 - 2015-01-11 18:40 - 00001036 _____ () C:\Users\Administrator\Desktop\ClearProg.lnk
2015-01-11 18:40 - 2015-01-11 18:40 - 00000000 ____D () C:\Users\Anonymous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClearProg
2015-01-11 18:40 - 2015-01-11 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearProg
2015-01-11 18:40 - 2015-01-11 18:40 - 00000000 ____D () C:\Program Files (x86)\ClearProg
2015-01-11 18:39 - 2015-01-11 18:39 - 01174352 _____ () C:\Users\Anonymous\Downloads\ClearProg - CHIP-Installer.exe
2015-01-09 19:22 - 2015-01-09 19:22 - 01765672 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Anonymous\Downloads\GPU-Z_ASUS_ROG_0.8.0.exe
2015-01-09 19:22 - 2015-01-09 19:22 - 00000000 ____D () C:\Users\Anonymous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2015-01-09 19:22 - 2015-01-09 19:22 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2015-01-08 21:50 - 2015-01-08 21:50 - 11241080 _____ () C:\Users\Anonymous\Downloads\join.me.exe
2015-01-06 08:32 - 2015-01-06 08:32 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-01-06 08:32 - 2015-01-06 08:32 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-12-30 17:32 - 2014-12-30 17:32 - 00001176 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-30 17:32 - 2014-12-30 17:32 - 00001164 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-30 17:32 - 2014-12-30 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-30 17:30 - 2014-12-30 17:30 - 39441776 _____ () C:\Users\Anonymous\Downloads\Firefox_Setup_de34.0.5.exe
2014-12-30 17:28 - 2014-12-30 17:28 - 37059280 _____ (Microsoft Corporation) C:\Users\Anonymous\Downloads\IE11-Windows6.1-x86-de-de.exe
2014-12-30 17:26 - 2014-12-30 17:26 - 63320784 _____ (Microsoft Corporation) C:\Users\Anonymous\Downloads\IE11_w7_Windows6.1-x64-de-de.exe
2014-12-28 20:58 - 2014-12-28 20:59 - 00003034 _____ () C:\Windows\System32\Tasks\Open Chrome
2014-12-28 20:58 - 2014-12-28 20:59 - 00000708 _____ () C:\Windows\Tasks\Open Chrome.job
2014-12-26 14:16 - 2014-12-26 14:16 - 00000000 ____D () C:\Users\Anonymous\AppData\Roaming\AVG
2014-12-26 14:08 - 2014-12-26 14:20 - 00000000 ____D () C:\ProgramData\AVG
2014-12-26 14:08 - 2014-12-26 14:08 - 00000000 ____D () C:\Users\Anonymous\AppData\Local\Avg
2014-12-26 14:06 - 2014-12-26 14:07 - 90844984 _____ (AVG Technologies) C:\Users\Anonymous\Downloads\avg_tuh_stf_all_2015_238_24c28.exe
2014-12-24 09:43 - 2014-12-24 09:43 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-20 09:31 - 2014-12-20 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-12-20 09:31 - 2014-12-20 09:31 - 00000000 ____D () C:\ProgramData\ATI
2014-12-20 09:30 - 2015-01-09 20:25 - 00000000 ____D () C:\Users\Anonymous\AppData\Roaming\Raptr
2014-12-20 09:30 - 2014-12-20 09:31 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-20 09:30 - 2014-12-20 09:30 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-20 09:29 - 2014-12-20 09:29 - 00058610 _____ () C:\Windows\SysWOW64\CCCInstall_201412200929492884.log
2014-12-20 09:29 - 2014-12-20 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-20 09:20 - 2014-12-20 09:20 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-18 04:47 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 04:47 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-14 02:20 - 2014-12-05 12:22 - 00328216 _____ () C:\Users\Anonymous\Desktop\pgc_v2.version
2014-12-13 03:27 - 2014-12-13 04:52 - 00000000 ____D () C:\Users\Anonymous\Downloads\Forsaken Client
2014-12-13 03:12 - 2014-12-13 03:27 - 1373450417 _____ (Igor Pavlov) C:\Users\Anonymous\Downloads\Forsaken_Client_v1_6.exe
2014-12-13 02:56 - 2014-12-13 02:56 - 00001533 _____ () C:\Users\Public\Desktop\Flyff.lnk
2014-12-13 02:56 - 2014-12-13 02:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flyff
2014-12-13 02:29 - 2014-12-13 02:29 - 00000000 ____D () C:\Program Files\Webzen
2014-12-13 00:07 - 2014-12-13 00:07 - 05697488 _____ () C:\Users\Anonymous\Downloads\Flyff_de_Downloader.exe
2014-12-12 22:53 - 2014-12-13 02:10 - 00000000 ____D () C:\download
2014-12-12 11:16 - 2014-12-12 11:16 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 01:16 - 2014-12-12 02:16 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 19:50 - 2014-01-29 13:09 - 00000000 ____D () C:\Program Files (x86)\Winamp
2015-01-11 19:47 - 2013-01-30 18:02 - 00007618 _____ () C:\Users\Anonymous\AppData\Local\Resmon.ResmonCfg
2015-01-11 19:45 - 2014-03-25 07:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-11 18:59 - 2014-09-07 16:41 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 17:55 - 2013-01-30 16:46 - 00000000 ____D () C:\Users\Anonymous\AppData\Roaming\TS3Client
2015-01-11 17:16 - 2013-01-28 19:42 - 01663539 ____N () C:\Windows\WindowsUpdate.log
2015-01-11 15:39 - 2014-11-26 05:14 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-11 12:39 - 2009-07-14 05:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 12:39 - 2009-07-14 05:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 12:35 - 2014-08-23 23:55 - 00000000 ____D () C:\Users\Anonymous\Downloads\Gameforge Live
2015-01-11 12:30 - 2014-09-07 16:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 12:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 01:16 - 2014-04-30 03:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 00:38 - 2014-05-12 07:39 - 03831296 ___SH ()
C:\Users\Anonymous\Desktop\Thumbs.db 2015-01-10 00:37 - 2014-08-22 18:18 - 00000000 ____D () C:\Users\Anonymous\Desktop\Musik 2015-01-10 00:33 - 2014-07-31 21:15 - 00000000 ___RD () C:\Users\Anonymous\Desktop\Hauptprogramme 2015-01-10 00:29 - 2013-01-30 02:47 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-09 18:11 - 2014-08-05 14:42 - 00107008 ___SH () C:\Users\Anonymous\Downloads\Thumbs.db 2015-01-08 17:16 - 2014-09-18 15:13 - 00000000 ____D () C:\Users\Anonymous\Desktop\screens 2015-01-08 17:11 - 2014-11-29 20:59 - 00000000 ____D () C:\Fraps 2015-01-06 08:32 - 2014-11-26 05:18 - 00000994 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2015-01-06 08:32 - 2014-11-26 05:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-12-30 17:31 - 2014-06-26 23:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-26 14:29 - 2014-08-16 13:49 - 00000000 ____D () C:\Users\Anonymous\AppData\Local\VMware 2014-12-26 14:29 - 2014-08-10 19:06 - 00000000 ____D () C:\Users\Anonymous\AppData\Roaming\Sony 2014-12-26 14:29 - 2013-09-30 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 2014-12-26 14:29 - 2013-05-22 22:58 - 00000000 ____D () C:\Users\Anonymous\.thumbnails 2014-12-26 14:29 - 2013-03-15 18:32 - 00000000 ____D () C:\Windows\Minidump 2014-12-26 14:29 - 2013-01-29 22:30 - 00000000 ____D () C:\Users\Anonymous\AppData\Roaming\Skype 2014-12-26 14:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep 2014-12-26 14:14 - 2014-11-26 05:17 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-12-20 09:30 - 2014-09-15 12:44 - 00000000 ____D () C:\ProgramData\AMD 2014-12-20 09:28 - 2014-08-19 21:53 - 00000000 ____D () C:\Program Files\AMD 2014-12-20 09:25 - 2014-09-15 12:38 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-12-17 05:56 - 2014-09-25 14:53 - 00390260 _____ () C:\Windows\system32\prfh0404.dat 2014-12-17 05:56 - 2014-09-25 14:53 - 00115072 _____ () 
C:\Windows\system32\prfc0404.dat 2014-12-17 05:56 - 2014-09-25 13:49 - 00373088 _____ () C:\Windows\system32\prfh0804.dat 2014-12-17 05:56 - 2014-09-25 13:49 - 00119574 _____ () C:\Windows\system32\prfc0804.dat 2014-12-17 05:56 - 2013-01-29 15:25 - 00697256 _____ () C:\Windows\system32\perfh007.dat 2014-12-17 05:56 - 2013-01-29 15:25 - 00149224 _____ () C:\Windows\system32\perfc007.dat 2014-12-17 05:56 - 2009-07-14 06:13 - 02617878 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-14 10:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-12 22:52 - 2014-06-18 04:20 - 00000000 ____D () C:\ProgramData\WEBZEN 2014-12-12 20:01 - 2014-08-22 03:22 - 00000000 ____D () C:\ProgramData\374311380 2014-12-12 11:16 - 2014-05-07 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-12 11:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-12 11:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-12 02:16 - 2014-04-30 03:44 - 00003966 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-12 02:16 - 2013-02-17 18:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-12 02:16 - 2013-02-17 18:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-25 01:31
==================== End Of Log ============================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015
Ran by Anonymous at 2015-01-11 19:54:04
Running from C:\Users\Anonymous\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1156299357-3113204970-1195548155-1000\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.1 - Adobe Systems, Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Premiere Pro 2.0 (HKLM-x32\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1156299357-3113204970-1195548155-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version: - Trion Worlds, Inc.)
Archlord2 (HKLM-x32\...\{4B23B4C1-769A-49A4-AA12-1FF72B548F5D}_is1) (Version: 1.0.0.1 - Webzen)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production)
ClearProg 1.6.0 Final (HKLM-x32\...\ClearProg) (Version: 1.6.0 Final - Sven Hoffman)
Contagion (HKLM-x32\...\Steam App 238430) (Version: - Monochrome LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Firefall (HKLM-x32\...\Steam App 227700) (Version: - Red 5 Studios)
Flyff (HKLM-x32\...\{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1) (Version: Flyff - WEBZEN Inc)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free YouTube Download version 3.2.44.908 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.908 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.49.1022 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.49.1022 - DVDVideoSoft Ltd.)
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java(TM) 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Meine Dienste Software (HKLM\...\Meine Dienste Software) (Version: 2.0.5.0 - Telekom)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1156299357-3113204970-1195548155-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1156299357-3113204970-1195548155-500\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{F1FDAA01-988C-423F-AC12-0D8F333943FD}) (Version: 7.1.31.0 - Nokia)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Ovi Desktop Sync Engine (x32 Version: 1.4.92.0 - Nokia) Hidden
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)
PC Connectivity Solution (HKLM-x32\...\{45DF6D99-666D-41FA-8D62-0E183B6240F3}) (Version: 10.33.1.0 - Nokia)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.1.38.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Red Alienware Skin Pack 2.0-X64 (HKLM-x32\...\Red Alienware Skin Pack) (Version: 2.0-X64 - Publisher)
SADES 7.1 SOUND EFFECT GAMING HEADSET (HKLM\...\C-Media CM108 Like Sound Driver) (Version: - )
SADES 7.1 SOUND EFFECT GAMING HEADSET (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: 1.00.0001 - )
Samplitude Pro X Silver (HKLM-x32\...\MAGIX_{86460AB2-75D3-400D-B9A8-232EC729192E}) (Version: 12.0.2.115 - MAGIX AG)
Samplitude Pro X Silver (Version: 12.0.2.115 - MAGIX AG) Hidden
Samplitude Pro X Silver 64-Bit Addon for Samplitude Pro X Silver (HKLM-x32\...\{DA120551-51CE-3195-8F9E-93D822F61597}) (Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Independence Free for Samplitude Pro X Silver (HKLM-x32\...\{E80D368A-7860-33B0-AD3C-4C94D8023141}) (Version: 1.3.0.0 - MAGIX AG)
Samplitude Pro X Silver Objekt-Synthesizer for Samplitude Pro X Silver (HKLM-x32\...\{D1B56A67-E132-39BB-8250-BE265061B712}) (Version: 1.0.0.0 - MAGIX AG)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Security Task Manager 2.0 (HKLM-x32\...\Security Task Manager) (Version: 2.0 - Neuber Software)
Skype Web Plugin (HKLM-x32\...\{69F300CB-D6BF-41DD-B7CC-983BAFF4EE15}) (Version: 3.1.15602.22612 - Skype Technologies S.A.)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH)
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
Tropico 5 (HKLM-x32\...\Tropico 5_is1) (Version: 1.0 - ADDONiA)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Registry Cleaner 8.25 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.25 - WiseCleaner.com, Inc.)
XnView 2.22 (HKLM-x32\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1156299357-3113204970-1195548155-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Anonymous\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1156299357-3113204970-1195548155-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Anonymous\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1156299357-3113204970-1195548155-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Anonymous\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1156299357-3113204970-1195548155-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-1156299357-3113204970-1195548155-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Anonymous\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1156299357-3113204970-1195548155-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Anonymous\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
18-12-2014 16:57:48 Windows Update
21-12-2014 19:00:24 Windows Backup
26-12-2014 14:09:00 AVG PC TuneUp 2015 wird installiert
28-12-2014 19:00:26 Windows Backup
28-12-2014 21:00:14 AVG PC TuneUp 2015 wird entfernt
28-12-2014 21:02:48 AVG PC TuneUp 2015 (de-DE) wird entfernt
04-01-2015 19:00:20 Windows Backup
11-01-2015 19:00:29 Windows Backup
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-12-07 20:34 - 00450773 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {053BF99A-46C3-47AE-8CC0-45BB7D144149} - System32\Tasks\{0025A16C-23A4-46DD-9062-F49A61835576} => C:\Program Files\Virtual Audio Cable\vcctlpan.exe [2014-01-30] (Eugene V. Muzychenko)
Task: {05C9FDDA-BBC5-442D-B625-0172DE7CE253} - System32\Tasks\{6B37AFD4-388F-4EE3-95F9-96EBDC6869CD} => pcalua.exe -a C:\Users\Anonymous\Downloads\ipscan-win32-3.1.exe -d C:\Users\Anonymous\Downloads
Task: {06347281-8170-4BEC-A22A-E57A77AC432B} - System32\Tasks\{B939C40E-9A31-4893-AD58-5891E5CD119C} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {0F27AF8A-172B-4011-AFA9-8F7D960EABEA} - System32\Tasks\{0AD21768-7287-4E99-A621-0BF6DDC24C8E} => C:\Program Files\Netzmanager\netzmanager.exe [2014-01-24] (Deutsche Telekom AG)
Task: {24353E19-26EE-498A-99A0-CAEC14CCB5CB} - System32\Tasks\Open Chrome => Chrome.exe --new-window toolbar.avg.com/ch-uninstall?cid={210377AA-19BA-4D88-9E52-F498B338D40F}&mid=4d12f094886947d2b3f05dc0e365a9ff-8350f43fb714d4bb12234ad18030f5e12ee02044&lang=de&ds=AVG&coid=avgtbavg&cmpid=1214avt&pr=fr&d=&v=4.0.5.7&pid=wtu&sg=
Task: {2BDB2E2D-9718-446A-ACFA-AD9ACBE69CCC} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm
Task: {2D8A29F3-0AED-47D0-9B49-CBAA6E8007CD} - System32\Tasks\{95C72BC7-966E-4AC0-B64E-EE1B85ACA374} => pcalua.exe -a "C:\Users\Anonymous\Desktop\mcefree_CB-DL-Manager [1].exe" -d C:\Users\Anonymous\Desktop
Task: {37F17A53-66A4-4939-9062-097E1AD4EB14} - System32\Tasks\{5710A421-C0FA-4569-B600-5FD9B87D0810} => pcalua.exe -a C:\Users\Anonymous\AppData\Local\Temp\Temp1_realtek_pcielan_7_mb.zip\realtek_pcielan_7_mb\AutoInst.exe
Task: {4089E702-2F8D-4BD4-98EB-45D08A553BA9} - System32\Tasks\{1C2C5288-7531-4910-8986-445053EE482D} => pcalua.exe -a C:\Users\Anonymous\Desktop\VAC\setup.exe -d C:\Users\Anonymous\Desktop\VAC
Task: {4308DF4A-4DB4-433C-895C-17CEEE8B9B24} - System32\Tasks\{E0687D79-EFDD-4C8B-8555-086A621AE041} => C:\Program Files\Virtual Audio Cable\vcctlpan.exe [2014-01-30] (Eugene V. Muzychenko)
Task: {526DD7D8-9171-4CCD-A1E0-29518AB7D082} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7930AF99-5A7F-4200-A2AF-8F0DE9A1FBAA} - System32\Tasks\Java(TM) Update Scheduler
Task: {7C8F0E71-9ADD-40C6-8AC6-FF73651C367A} - System32\Tasks\{8C85CB23-DD78-4BAB-BDF1-946A031F3328} => pcalua.exe -a C:\Users\Anonymous\Downloads\Windows7FirewallControl_5.1\Windows7FirewallControl-de-Setup-x64.exe -d C:\Users\Anonymous\Downloads\Windows7FirewallControl_5.1
Task: {820E7507-D1C7-4974-9C75-4782A178EF8C} - System32\Tasks\{5169671C-0A0C-4FCD-9E71-B31D6FA3012D} => pcalua.exe -a "C:\Users\Anonymous\Desktop\NEu\Virtual Audio Cable 4.10\setup.exe" -d "C:\Users\Anonymous\Desktop\NEu\Virtual Audio Cable 4.10"
Task: {824F8D8B-366C-4776-AD76-41807C81E767} - System32\Tasks\{2F0B91A0-1878-40C5-83AF-D9784AC9F0F6} => pcalua.exe -a "C:\Program Files (x86)\TeamSpeak 3 Client\package_inst.exe" -d C:\Users\Anonymous\Downloads -c "C:\Users\Anonymous\Downloads\Assassins_Creed.ts3_style"
Task: {8403B2FD-3A70-4D79-AF19-1F9D8B57F87E} - System32\Tasks\{23952BB3-E890-43BC-9518-BB7875E817C0} => pcalua.exe -a C:\Users\Anonymous\AppData\Local\Temp\Temp1_24627-Realtek_LAN_PCIE_MB.zip\XP\setup.exe
Task: {8BD18F13-766B-49BC-A084-1F89AE985C11} - System32\Tasks\{3C688A11-49F8-4B20-B336-D551188D3CBD} => C:\Program Files\Virtual Audio Cable\vcctlpan.exe [2014-01-30] (Eugene V. Muzychenko)
Task: {90DA8E00-E0DB-4426-A6A0-A310ECA4B611} - System32\Tasks\{8F66A914-A47B-4278-AE71-4A1E03D1A388} => C:\Program Files\Netzmanager\netzmanager.exe [2014-01-24] (Deutsche Telekom AG)
Task: {972F4FCA-2A0A-4F43-8938-A34917447CBA} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {A0A563C2-96CF-44F6-AAC0-347771179062} - System32\Tasks\{80E4D8A8-55D8-486B-BDDA-8F9B6F0794DB} => C:\Program Files\Virtual Audio Cable\vcctlpan.exe [2014-01-30] (Eugene V. Muzychenko)
Task: {A951642C-AC09-4185-BBA7-2EE379BF2695} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {ABA6A9C6-7A5A-488E-8492-9B957903C100} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {ABE4E926-132A-4516-94B3-1A6E52BE8479} - System32\Tasks\{88D47204-9505-4A7C-B1DC-4E1154609A4F} => pcalua.exe -a C:\Windows\unasetup.exe
Task: {AF54A699-7142-4617-B5E7-0B93C43EF070} - System32\Tasks\{5BB6B15E-9C5A-418D-9F38-B58236A4B117} => pcalua.exe -a C:\Users\Anonymous\Downloads\blazingcolorsviz.exe -d C:\Users\Anonymous\Downloads
Task: {C719FDF5-B022-4B2E-B786-85772A6299AE} - System32\Tasks\{E36B105D-9968-4C55-A31A-150403B0BC78} => C:\Program Files\Netzmanager\netzmanager.exe [2014-01-24] (Deutsche Telekom AG)
Task: {DE7ACC95-3FB2-470D-AE69-0678FF949D10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: {E91EEF50-AC80-489F-BA40-D8228FF57D90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {F1D45EC0-4B3D-4FF5-B160-817B3252C032} - System32\Tasks\{63F8731D-DF13-4D29-B5C1-60EAF6810BE2} => pcalua.exe -a "C:\Users\Anonymous\Downloads\dotNetFx35setup (1).exe" -d C:\Users\Anonymous\Downloads
Task: {F2D075BF-5533-4655-A311-F3A6247DC64B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: {FFDCB89F-326C-45B1-AF61-7E673E71B62D} - System32\Tasks\{A88ECA54-95B8-4277-B3D8-95E4F4FFEEA0} => C:\Program Files\Virtual Audio Cable\vcctlpan.exe [2014-01-30] (Eugene V. Muzychenko)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
==================== Loaded Modules (whitelisted) =============
2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-07-16 10:06 - 2014-07-16 10:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-12-09 21:27 - 2014-12-09 21:26 - 03081752 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-12-09 21:27 - 2014-12-09 21:26 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-10-04 18:41 - 2014-12-03 18:30 - 01090656 _____ () C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\TERA\Client\TL.exe
2014-10-31 23:27 - 2014-10-31 23:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-09-25 19:44 - 2014-09-25 19:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-10-02 22:23 - 2012-11-20 16:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Cortex\D3DX8Wrapper.dll
2014-03-25 07:54 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-25 07:54 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-09 21:27 - 2014-12-09 21:26 - 01686552 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2014-12-09 21:27 - 2014-12-09 21:26 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll
2014-03-25 07:54 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-25 07:54 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-25 07:54 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-28 14:33 - 2014-02-28 14:33 - 00148480 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\quazip.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00864768 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 14:45 - 2014-02-27 14:45 - 00677376 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-02-28 14:41 - 2014-08-06 11:57 - 00092104 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
2014-02-28 14:41 - 2014-08-06 11:57 - 00105416 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00025600 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00242688 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-02-28 14:42 - 2014-08-06 11:57 - 00477128 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll 2014-02-28 14:42 - 2014-08-06 11:57 - 00484808 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll 2014-02-27 14:46 - 2014-02-27 14:46 - 00123904 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll 2014-10-04 18:41 - 2014-12-03 18:30 - 20452352 _____ () C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\TERA\libcef.dll 2014-10-04 18:41 - 2014-12-03 18:30 - 00115240 _____ () C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\TERA\CopyCub.dll 2014-10-05 06:14 - 2014-12-12 14:52 - 20645216 _____ () C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\TERA\Client\Binaries\awesomium.dll 2014-10-05 06:14 - 2014-12-12 14:52 - 00166992 _____ () C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\TERA\Client\Binaries\PhysXExtensions.dll 2014-12-12 06:03 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-12 06:03 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-12 06:03 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-12 06:03 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll 2015-01-11 19:39 - 2013-05-20 08:58 - 00620718 _____ () C:\Program Files (x86)\Security Task Manager\sqlite3.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:AD022376 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: TeamViewer9 => 2 MSCONFIG\startupfolder: C:^Users^Anonymous^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup MSCONFIG\startupfolder: C:^Users^Anonymous^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Meine Dienste.lnk => C:\Windows\pss\Meine Dienste.lnk.Startup MSCONFIG\startupfolder: C:^Users^Guest^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Meine Dienste.lnk => C:\Windows\pss\Meine Dienste.lnk.Startup MSCONFIG\startupfolder: C:^Users^nostale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Meine Dienste.lnk => C:\Windows\pss\Meine Dienste.lnk.Startup MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true MSCONFIG\startupreg: Arc => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe /autorun MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: GamingKeyboard => "C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe" 
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup MSCONFIG\startupreg: RazerCortex => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: uTorrent => "C:\Users\Anonymous\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-1156299357-3113204970-1195548155-500 - Administrator - Enabled) => C:\Users\Administrator Anonymous (S-1-5-21-1156299357-3113204970-1195548155-1000 - Administrator - Enabled) => C:\Users\Anonymous Guest (S-1-5-21-1156299357-3113204970-1195548155-501 - Limited - Disabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-1156299357-3113204970-1195548155-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Microsoft-Teredo-Tunneling-Adapter Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: avast! Firewall NDIS Filter Miniport Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. 
Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (01/10/2015 05:42:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 34257 Error: (01/10/2015 05:42:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 34257 Error: (01/10/2015 05:42:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/10/2015 05:42:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 33228 Error: (01/10/2015 05:42:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 33228 Error: (01/10/2015 05:42:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/10/2015 05:42:41 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 32214 Error: (01/10/2015 05:42:41 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 32214 Error: (01/10/2015 05:42:41 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously 
busy for more than a second Error: (01/10/2015 05:42:40 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 31215 System errors: ============= Error: (01/11/2015 07:02:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "vToolbarUpdater18.2.0" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/11/2015 06:36:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Razer Game Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Restart the service. Error: (01/11/2015 00:31:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Razer Game Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/11/2015 00:31:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Razer Game Scanner erreicht. Error: (01/11/2015 00:30:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/11/2015 00:30:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (01/11/2015 00:13:33 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (01/10/2015 00:22:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TeamViewer 9" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (01/10/2015 00:20:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "TeamViewer 9" wurde unerwartet beendet. 
Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Restart the service. Error: (01/10/2015 00:20:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "vToolbarUpdater18.2.0" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (01/10/2015 05:42:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 34257 Error: (01/10/2015 05:42:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 34257 Error: (01/10/2015 05:42:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/10/2015 05:42:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 33228 Error: (01/10/2015 05:42:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 33228 Error: (01/10/2015 05:42:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/10/2015 05:42:41 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 32214 Error: (01/10/2015 05:42:41 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 32214 Error: (01/10/2015 05:42:41 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/10/2015 05:42:40 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 31215 CodeIntegrity Errors: =================================== Date: 2014-01-29 13:59:12.023 Description: Windows konnte 
die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-29 13:59:11.813 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-29 13:50:16.936 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-29 13:50:16.739 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-01-29 13:38:45.115 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-29 13:38:44.897 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-29 13:34:10.773 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-29 13:34:10.504 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-01-29 13:30:05.395 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-29 13:30:05.135 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: AMD Athlon(tm) II X4 631 Quad-Core Processor Percentage of memory in use: 83% Total physical RAM: 8181.4 MB Available physical RAM: 1314.42 MB Total Pagefile: 16360.98 MB Available Pagefile: 8994 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Administrator) (Fixed) (Total:698.54 GB) (Free:368.4 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 44068ABD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
11.01.2015, 23:53 | #4 |
/// the machine /// TB-Ausbilder | svchost process hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
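The question that opens this thread is whether the svchost.exe instances eating memory are legitimate and which services are behind them. A helper's FRST log answers part of that, but the same check can be done on the box itself. The following PowerShell is an added example and not part of the thread or of FRST/Combofix: it maps every svchost.exe PID to the services it hosts (the same data `tasklist /svc` shows), reports working-set memory, and verifies that the image lives in the system directory and carries a valid Microsoft Authenticode signature. It uses only standard cmdlets (`Get-Process`, `Get-WmiObject Win32_Service`, `Get-AuthenticodeSignature`); `Get-WmiObject` is chosen over `Get-CimInstance` so it also runs on the Windows 7 / PowerShell 2.0 system from the log. Run it from an elevated prompt, otherwise `Path` is empty for processes in other sessions.

```powershell
# Added example (not from the thread): list every svchost.exe instance with the
# services it hosts, its working-set memory, and a check of the image path and
# Authenticode signature. Run from an elevated PowerShell. Get-WmiObject is used
# instead of Get-CimInstance so the script also works on Windows 7 / PowerShell 2.0.

# Win32_Service exposes the PID of the process currently hosting each service.
$services = Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 }

$report = Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
    $p = $_
    # Services whose host process is this svchost instance.
    $hosted = $services | Where-Object { $_.ProcessId -eq $p.Id } | ForEach-Object { $_.Name }
    $path = $p.Path   # $null without elevation for processes in other sessions
    $sig = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
    # The genuine host process lives in System32 (or SysWOW64 for 32-bit) and is Microsoft-signed.
    $expected = $path -and ($path -match '\\Windows\\(System32|SysWOW64)\\svchost\.exe$')
    New-Object PSObject -Property @{
        PID          = $p.Id
        WorkingSetMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
        Path         = $path
        Signature    = $sig
        ExpectedPath = [bool]$expected
        Services     = ($hosted -join ', ')
    }
}

# Biggest memory consumers first, with the services that explain them.
$report | Sort-Object WorkingSetMB -Descending |
    Select-Object PID, WorkingSetMB, Signature, ExpectedPath, Services, Path |
    Format-Table -AutoSize

# Anything unsigned, outside the system directory, or hosting no service at all
# deserves a closer look (hash lookup, FRST/Combofix fix) rather than a blind "End Process".
$report | Where-Object { -not $_.ExpectedPath -or $_.Signature -ne 'Valid' -or $_.Services -eq '' }
```

A high working set on an instance that hosts `wuauserv` (Windows Update) or `SysMain`/`SuperFetch` is normal on Windows 7 and not a sign of infection; the suspicious cases are an svchost.exe outside `\Windows\System32`, one with an invalid or missing signature, or one that hosts no service, and those are what the final filter prints.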